Modern computer systems may provide access to services using web-based interfaces. In such an access model, clients connect to servers over a network such as the Internet, through a web-based interface, which may allow access to services operating on the servers using Internet protocols or interfaces. Maintaining the security of such web-based interfaces and the security of the services that are supported by those interfaces may be difficult, particularly when client devices are not always trusted. Maintaining the security of such systems may be made more difficult when the scope and type of security vulnerabilities frequently change.
An operator of a website may wish to know how the website compares to other websites in terms of security and may wish to have assurances that the websites are more secure than those other websites. A related issue is that users of client devices may wish to be provided assurances about the security of the websites in order to protect the client device or the client data from potentially dangerous websites. Various security metrics may exist to indicate a level of security of a website, but such metrics may vary in precision, accuracy, and/or data compared. Without a metric of security that may be applied across a plurality of sites, a user of a website may not know how secure that website is, the operator of a website may not know how secure that website is in comparison to other websites, and other services may not have any assurances about how secure that website is.